- From: L. David Baron <notifications@github.com>
- Date: Wed, 31 Oct 2018 06:23:40 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 October 2018 13:24:11 UTC
So one other comment from TAG discussion right now: a bunch of folks didn't understand what the explainer was saying because the explainer's description of the use cases sort of depends on already understanding some of the concepts involved. I think a clearer way to describe the example user need would be something like the following: Suppose a page that contains a cross-origin `iframe` wants to allow that iframe to request (say, via a `postMessage` contract) becoming larger, because it's appropriate for that iframe to become larger when the user interacts with it. However, it doesn't entirely trust that iframe from trying to grab extra attention, so it wants to do the same check that the browser does as part of its popup blocking code, which is a test for user activation. So this API allows the containing page to validate the `postMessage` from its iframe by only honoring the request to become larger if there is currently a user activation, that is, if the message appears to have been the result of a real user interaction with that iframe. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/300#issuecomment-434684782
Received on Wednesday, 31 October 2018 13:24:11 UTC